Public IP addresses (Usable vs. non-usable)

This is more a theory question than a problem.

We have a full T-1 line setup with SBC.  We also have our configuration sheet that tells us our block of static IP addresses, DNS servers, etc.  

My question is about the block of 50 static IP addresses.  Our router is assigned only one of these IP addresses.  If the other 49 static IP addresses are non-usable, what are they for?  The router can only be configured for one public IP address.  All traffic comes in through the one usable IP address and the router sends the traffic to our inside network (Exchange, domain controller, etc).  How do you use the other 49 non-usable public IP addresses?

I don't understand why we would have 50 static IP addresses if we can only use one of them.  I'm sure in my confusion I'm not asking the right questions.  I hope someone can shed some light on this for me.
Okay, this is an easy question/theory.

There are two things you're dealing with here: NAT and CIDR.

NAT is network address translator. What this does is take one usable, routable IP address that you would use to connect to the internet and translate between it and the internal network of machines that don't have routable IP addresses, such as the 192.168.x.x or other private IP blocks. Every time a computer from the internal network wants to connect to the internet and go online, your router strips the internal address off of it and gives it the public IP address to roam about the internet, so you enter the router with a private address and leave the router out into the internet with a public address. When data comes back in to the router, it strips the public address off the data and gives it the private address of your PC to send it back to you. Hence address translation. NAT allows multiple computers to be on the internet with the same public IP address. This is a great security feature because when they trace the IP they trace it back to the router and that's where it stops; it can't be traced directly to the host. Of course, further tracing can be performed to find the exact computer.

CIDR is classless interdomain routing. What this does is you purchase a block of IP addresses from an ISP, which normally comes in the form of

The /x tells you how many bits are the same and allows you to tell exactly how many IP addresses you are purchasing. When using CIDR, each address can be used as an address on a computer, so that they have direct connections to the internet and are not behind an internal network. Companies use this when they have a couple of computers that need direct connections to the internet at all times, for example multiple web servers, FTP servers and things like that.

Your router is performing NAT if you have an internal network. That means that you are using one address to connect to the internet and your router translates between the public and private address and slaps a public address on the computers that need to go out on the internet. All this means is that you're paying for way more addresses than you need; now unless you can grab 49 computers and turn them into FTP and web servers, you're wasting your money to the ISP. And I would suggest canceling the payment of the other 49 addresses and keeping the address on your router. You should make sure the address is the first address in the block: when returning IPs, if you have an IP in use in the middle of the block, that then separates the block into two blocks of 25. Some ISPs might not like that; some ISPs won't even let you use the first IP and they might take the entire 50 block and give you a new single IP address that you will have to configure on your router.

But it's worth it because you save the price of 49 IPs you don't use per month. Hope this gives you a good description of the theory/question you had.

I'm not sure on this one...but:

If you use 1 IP address on the router the machines that do not use one of the other 49 Static IP addresses will pick up a DHCP address (RFC1918) from the router.

You may find that some applications do not like using DHCP addresses but prefer to use static IPs.

So you may find that you want to run a webserver inside your connection that may need a static IP. Maybe you can run 49 webservers! :-)

Couple ways to do this:

1.  If you are using NAT on the router, the block of public IP addresses would be used for one-to-one NAT.  An internal server would be assigned a static private IP address and a one-to-one NAT would be set up on the router associating one of the public IP addresses from the block of 50 to the private IP address of the server.  This would be useful if you had 50 servers on your inside network, otherwise you are wasting your money with the block of 50 public addresses.

2.  You could use that block of public IP addresses to address the inside network using public addresses versus private addresses.  You would assign the router's inside interface and the PCs an address from the block of 50.  NAT is not used and all hosts can be directly contacted from the Internet.  This assumes you have fewer than 50 hosts.  There really isn't any point in doing it this way.

If you don't have a need to set up static NATs for 50 machines on the inside network, I would recommend "giving" the block of public IP addresses back to your provider as they are not necessary.  If you have a need to set up one-to-one NATs for a few servers, you can get away using PAT on the one public IP address or you could get a block of 4 or 8 addresses.
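
Added example, not part of any answer in this thread: a simplified Python model of the address translation described in the first answer and of the two setups in the answer just above (PAT with a port forward on the single router address, and one-to-one NAT on a second address from the block). The `NatRouter` class, all addresses and all ports are constructed for illustration.

```python
class NatRouter:
    """Toy NAT model (constructed). Real PAT also keys on the remote endpoint."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip      # the one address on the router's WAN side
        self.next_port = first_port     # next free translated source port
        self.pat = {}                   # public port -> (private ip, private port)
        self.pat_rev = {}               # (private ip, private port) -> public port
        self.forwards = {}              # public port -> (private ip, private port)
        self.one_to_one = {}            # extra public ip -> private ip

    def outbound(self, src_ip, src_port):
        """Source (ip, port) the Internet sees for an inside host's connection."""
        for pub, priv in self.one_to_one.items():
            if priv == src_ip:
                return (pub, src_port)           # static NAT keeps the port
        key = (src_ip, src_port)
        if key not in self.pat_rev:              # first packet: allocate a port
            self.pat_rev[key] = self.next_port
            self.pat[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.pat_rev[key])

    def inbound(self, dst_ip, dst_port):
        """Inside (ip, port) a packet from the Internet reaches, or None if dropped."""
        if dst_ip in self.one_to_one:
            return (self.one_to_one[dst_ip], dst_port)   # every port is mapped
        if dst_ip != self.public_ip:
            return None                                  # unused block address
        if dst_port in self.forwards:
            return self.forwards[dst_port]               # configured forward
        return self.pat.get(dst_port)                    # reply to an outbound flow


def demo():
    r = NatRouter("203.0.113.2")                      # documentation-range addresses
    r.forwards[80] = ("192.168.1.10", 80)             # web server behind PAT
    r.one_to_one["203.0.113.3"] = "192.168.1.20"      # second server, own public IP
    return {
        "pc_a_out": r.outbound("192.168.1.50", 51000),
        "pc_b_out": r.outbound("192.168.1.51", 51000),
        "static_out": r.outbound("192.168.1.20", 25),
        "web_in": r.inbound("203.0.113.2", 80),
        "reply_in": r.inbound("203.0.113.2", 40000),
        "unsolicited_in": r.inbound("203.0.113.2", 3389),
        "static_in": r.inbound("203.0.113.3", 3389),
        "unused_in": r.inbound("203.0.113.4", 80),
    }
```

In this model the PAT address only admits the forwarded port and replies to flows started from inside, while the one-to-one address maps every port to its server, so what that server exposes depends on the firewall rules placed in front of it.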
Fatal_Exception (Systems Engineer) commented:
Wow, only seen these many addresses when one is running a webhosting company...  If you are not, then do as JF suggests and give them back.  Am sure it is costing you quite a bit for all those unused addresses......

jplagens (Author) commented:
Thanks for the input krazieintent and everyone else.  That was my exact feeling.  I asked the ISP why was I paying for such a large block of static IP's when only one routable IP address and NAT was getting the job done.  I was unsure if maybe I needed to somehow assign another public IP address to the web server and one to the Exchange server.

From my understanding of krazieintent's explanation it sounds like one routable IP address and NAT is the correct setup and is accomplishing everything I need it to.

Can you assign one of the other static IP's to another server and still use the NAT configuration?  Or is it all or nothing? Meaning either use one static IP and NAT or CIDR and many static IP addresses?
Fatal_Exception (Systems Engineer) commented:
If your webserver is going to be a public server, then it is best to use a private IP address on this, and use PAT to deliver request packets (if your router/firewall allows for PAT)...  But if it is meant for internal use only (intranet), then you only need the one address..    My company has a block of 5 IP addresses for our setup, and those take care of everything we need to do there.  You certainly do not need the 50 though, whatever you are doing in your network, if you only have 2 servers being accessed from the WAN...

The thing about IPs, NAT, CIDR and the other different configurations is there is always a way of interchanging between them, allowing for maximum efficiency.

You can most definitely use another static public address for your webserver.

It depends on what you want your setup to be. If your webserver has a private address, then you will set your router to forward traffic on port 80, the HTTP port, to that private address of the web server. So to the outside world, your webserver will take on the same public IP address you have on your router interface. This is still safe and secure.

However, if you wanted to have your webserver on another public IP address and not part of the private IPs, that is fine as well, and is quite possible. In this scenario you would just configure the NIC with the IP and connect it to the internet (of course through firewalls and the like). Of course you would then have two connections to the ISP.

But you have the choice of what you would like to do. Most companies use NAT and assign their webservers internal addresses, and enable their routers to do port forwarding. Most times when a company has more than one web server, the other is for redundancy purposes or as a backup web server, and they use a public IP for that, just in case the first internet connection ever fails, so the other webserver can take its place.

When companies do this, they also like to prefer 2 different ISPs. I would also recommend using 2 different ISPs. This is called multi-homed. The reason is because, say for example, Verizon is your ISP and you have 2 connections from them coming into your office. If something ever happened internally to Verizon, both of your connections go down and that completely locks you out of connection to the internet.

Now say, for example, you have 2 connections, one from Verizon and the other from AT&T. If Verizon goes down, your AT&T connection would still be up and all of your internet traffic could be diverted through the AT&T connection, as well as having your webserver up.

It is very unlikely that both ISPs will be down at the same time.

But to sum up your original question: you can assign as many computers as you'd like with static and still use NAT, yes. The only thing is you would have to add the new networks to your router to enable communication between all the different IP addresses.

Hope this helps
jplagens (Author) commented:
Thanks Kevin.  This was always a subject that I kind of vaguely knew how things worked, but not enough to explain it to anyone else.  Once again, thanks for all of your help!
Well, hopefully my explanations will allow you to be able to explain to everyone else.

Glad I could help

- Kevin